The LastPass hack was worse than the company first reported

After being hacked for the second time in as many years this August, password manager app LastPass announced on Thursday that the most recent intrusion was much more damaging than initially reported, with the attackers having made off with users’ password vaults in some cases. That means the thieves have people’s entire collections of encrypted personal data, if not the immediate method to unlock them.

“No customer data was accessed during the August 2022 incident,” LastPass CEO Karim Toubba explained. However, some of the app’s source code was lifted and then used to spearphish a LastPass employee into giving up their access credentials. The attackers then used those keys to decrypt and copy off “some storage volumes within the cloud-based storage service.”

The encrypted data obtained by the hackers included basic customer account information like company names, billing, email and IP addresses, and telephone numbers, Toubba continued. “These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” Toubba said. “As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.”

Still, you’re going to take the company’s word for it? I’m not. It’ll be a pain but swapping out all of your various existing site passwords for new ones — as well as picking a new master password — might ultimately prove necessary to regain your online security. Or you could just tell LastPass to go kick rocks and switch over to 1Password or Bitwarden.

OpenAI releases Point-E, which is like DALL-E but for 3D modeling

OpenAI, the Elon Musk-founded artificial intelligence startup behind the popular DALL-E text-to-image generator, announced on Tuesday the release of its newest picture-making machine, Point-E, which can produce 3D point clouds directly from text prompts. Whereas existing systems like Google’s DreamFusion typically require multiple hours — and GPUs — to generate their images, Point-E only needs one GPU and a minute or two.

3D modeling is used across a variety of industries and applications. The CGI effects of modern movie blockbusters, video games, VR and AR, NASA’s moon crater mapping missions, Google’s heritage site preservation projects, and Meta’s vision for the Metaverse all hinge on 3D modeling capabilities. However, creating photorealistic 3D images is still a resource- and time-consuming process, despite NVIDIA’s work to automate object generation and Epic Games’ RealityCapture mobile app, which allows anyone with an iOS phone to scan real-world objects as 3D images.

Text-to-image systems like OpenAI’s DALL-E 2 and Craiyon, DeepAI, Prisma Labs’ Lensa, or HuggingFace’s Stable Diffusion have rapidly gained popularity, notoriety and infamy in recent years. Text-to-3D is an offshoot of that research. Point-E, unlike similar systems, “leverages a large corpus of (text, image) pairs, allowing it to follow diverse and complex prompts, while our image-to-3D model is trained on a smaller dataset of (image, 3D) pairs,” the OpenAI research team led by Alex Nichol wrote in Point·E: A System for Generating 3D Point Clouds from Complex Prompts, published last week. “To produce a 3D object from a text prompt, we first sample an image using the text-to-image model, and then sample a 3D object conditioned on the sampled image. Both of these steps can be performed in a number of seconds, and do not require expensive optimization procedures.”

If you were to input a text prompt, say, “A cat eating a burrito,” Point-E will first generate a synthetic view 3D rendering of said burrito-eating cat. It will then run that generated image through a series of diffusion models to create the 3D, RGB point cloud of the initial image — first producing a coarse 1,024-point cloud model, then a finer 4,096-point. “In practice, we assume that the image contains the relevant information from the text, and do not explicitly condition the point clouds on the text,” the research team points out. 

These diffusion models were each trained on “millions” of 3D models, all converted into a standardized format. “While our method performs worse on this evaluation than state-of-the-art techniques,” the team concedes, “it produces samples in a small fraction of the time.” If you’d like to try it out for yourself, OpenAI has posted the project’s open-source code on GitHub.

NHTSA opens probe into GM’s autonomous driving technology

The National Highway Transportation Safety Administration announced Thursday that it is opening an investigation into the self-driving technology behind General Motors’ robotaxi fleet. This announcement follows three reported accidents allegedly caused by Cruise vehicles braking hard or otherwise becoming immobilized in traffic, creating unannounced obstacles for other vehicles and resulting in rear-end collisions with other motorists.

“With respect to the incidents of hard braking, NHTSA has received three reports of the ADS initiating a hard braking maneuver in response to another road user that was quickly approaching from the rear,” the agency reports, noting that human supervisors were aboard for each incident. “In each case, the other road user subsequently struck the rear of the ADS-equipped vehicle.”

“With respect to the incidents of vehicle immobilization, NHTSA has been notified of multiple reports involving Cruise ADS equipped vehicles, operating without onboard human supervision, becoming immobilized,” the report continues. “When this occurs, the vehicle may strand vehicle passengers in unsafe locations, such as lanes of travel or intersections, and become an unexpected obstacle to other road users.”

In response the company touted its technology’s history of safe operations. “Cruise’s safety record is publicly reported and includes having driven nearly 700,000 fully autonomous miles in an extremely complex urban environment with zero life-threatening injuries or fatalities,” Hannah Lindow, Cruise spokesperson, told Engadget via email. “This is against the backdrop of over 40,000 deaths each year on American roads. There’s always a balance between healthy regulatory scrutiny and the innovation we desperately need to save lives, which is why we’ll continue to fully cooperate with NHTSA or any regulator in achieving that shared goal.”

The company goes on to argue that in the cases of hard braking, the vehicles were reacting to the actions of other drivers and had a human operator onboard (though the ADS was in control at the time), and that it has already met with the NHTSA regarding each incident. Cruise frames the immobilization events as equivalent to a flat tire, wherein the ADS encounters an unexpected and potentially dangerous situation, turns on the vehicle’s hazards and pulls off to the side of the road.

Cruise LLC is headquartered in San Francisco and was founded in 2013 by Kyle Vogt and Dan Kan. GM acquired the autonomous driving technology company three years later. Since then, General Motors has lavished its subsidiary with funding, facilities and staffing, even going so far as to develop its own processor chips for the Origin autonomous shuttle bus. The company began testing ADS rides in San Francisco in June 2021 and earlier this year earned regulatory approval to charge for driverless taxi services within the city.

The company has also suffered setbacks in its pursuit of self-driving taxis. Division CEO Dan Ammann stepped down from his position in June, replaced for the interim by CTO and founder Kyle Vogt. Cruise made headlines in April when a police officer tried and failed to pull one over during a traffic stop and again in June when seemingly all of them decided that the corner of Gough and Fulton would make for a perfect impromptu parking lot.   

As the NHTSA is sure it’s aware of every braking/immobilization incident to date, the agency is opening a preliminary evaluation “to determine the scope and severity of the potential problem and fully assess the potential safety-related issues posed by these two types of incidents.” It has not announced a timeline for publication of the PE’s findings.

Former FTX CEO Sam Bankman-Fried arrested in Bahamas

Looks like embattled FTX CEO Sam Bankman-Fried won’t be testifying before Congress after all. The Bahamas Attorney General’s Office announced Monday that Bankman-Fried has been arrested and is likely to be extradited in short order back to the US to stand trial. The AG’s office noted that his arrest came after “receipt of formal notification from the United States that it has filed criminal charges against SBF and is likely to request his extradition.”

The news of his arrest should come as little surprise given that last Friday the Department of Justice came out and said that it was “closely” examining his role in the multi-billion cryptocurrency exchange’s recent collapse, which is expected to harm more than a million individual investors. Justice Department officials made those statements while meeting with the crypto exchange’s bankruptcy team to discuss whether FTX had improperly moved hundreds of millions of dollars just ahead of its declared bankruptcy last November.

Bankman-Fried was scheduled to testify before Congress at the House Financial Services Committee on Tuesday. However, as United States Attorney Damian Williams explained in a tweet Monday, Bankman-Fried has been taken into custody “based on a sealed indictment,” which will be revealed and explained in the morning.

“Clearly, I made a lot of mistakes. There are things I would give anything to be able to do over again,” Bankman-Fried recently tried to explain to the New York Times. “I did not ever try to commit fraud on anyone.” 

The Bahamian government is also being accused of collusion — not by the DoJ, but rather FTX itself. Attorneys for the company asserted on Monday (ahead of the arrest news) that the Bahamas as a governing entity had colluded with Bankman-Fried to help move the ill-gotten funds from all those suspicious transactions that took place right before bankruptcy into crypto-wallets controlled by Bahamian regulators.  

Bankman-Fried stepped down from his role of CEO at FTX in November and was replaced by John J. Ray III, an executive who also helmed Enron through its own bankruptcy proceedings. In his prepared remarks for Tuesday’s now-postponed congressional hearings, Ray painted a bleak picture of FTX’s late-stage management and operations.

In them, he says that FTX went on a $5 billion spending spree in late 2021 and early 2022, “buying a myriad of businesses and investments, many of which may be worth only a fraction of what was paid for them,” as well as making numerous loans and payments amounting to more than $1 billion “to insiders.” Those funds were also commingled with money from Bankman-Fried’s other venture, Alameda Research, which also used client funds to engage in high-risk margin trading.

Depending on what the Southern District Attorney’s office unseals tomorrow, Bankman-Fried could be going away for a very long time. Wire and bank fraud on this scale, per a CNBC legal panel, would put Bankman-Fried in jeopardy of life without parole. Former Theranos CEO Elizabeth Holmes and COO Sunny Balwani just got 11 and 12 years in prison, respectively, for their roles in the medical company’s massive fraud case. Ponzi scheme king Bernie Madoff got 150 years for his shenanigans in 2009, and in 2006, Jeff Skilling was handed 24 years for his role in Enron’s downfall.